CVE-2025-3999

Name of the Vulnerable Software and Affected Versions Seeyon Zhiyuan OA Web Application System version 8.1 SP2

Description A problematic issue has been found in the Seeyon Zhiyuan OA Web Application System, affecting some unknown processing of the file seeyonoptSeeyonA8ApacheJetspeedwebappsseeyoncommonjsaddDatedate.jsp of the component URL Parameter Handler. This manipulation leads to cross-site scripting. The attack may be initiated remotely.

Recommendations For Seeyon Zhiyuan OA Web Application System version 8.1 SP2, consider disabling the URL Parameter Handler component until a patch is available to prevent cross-site scripting attacks. Restrict access to the date.jsp file in the addDate directory to minimize the risk of exploitation. Avoid using the vulnerable URL Parameter Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.